09 safer htmlout output

Started by BamBam0077, October 06, 2018, 05:16:05 PM


Tundracanine

I still can't see the point of this myself.
You're not adding any kind of extra htmlspecialchars or anything, just some array..
The problem with any open-source code is that people could find the vars used just by looking in the source, aka at git...

My opinion: because it's an array, it could lead to memory issues.. after all, 09 can be run on just about any server out there..
If wanting support help please put bare min info like
Os:
U-232 Version:
Php Version:
Tracker type: like xbt or php
Saves on asking more questions just so people can help someone.
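
Added example (not code from this thread, TBDev or U-232): what escaping on output could look like for the htmlspecialchars point raised above, using the single-quoted returnto hidden field from the login template posted further down in this thread. The class SafeOut, its methods and the sample returnto value are hypothetical.

```php
<?php
// Added example; SafeOut and its methods are hypothetical names,
// not part of TBDev or U-232.
final class SafeOut
{
    private $buf = '';

    // Encode a value for an HTML text node or a quoted attribute value.
    public static function esc($value): string
    {
        // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE keeps invalid
        // UTF-8 from turning the whole result into an empty string.
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Append trusted template markup; every {name} placeholder is
    // replaced with the escaped value of $vars['name'].
    public function add(string $template, array $vars = []): self
    {
        $pairs = [];
        foreach ($vars as $name => $value) {
            $pairs['{' . $name . '}'] = self::esc($value);
        }
        // strtr() does not rescan replaced text, so a value that itself
        // contains "{name}" is not substituted a second time.
        $this->buf .= strtr($template, $pairs);
        return $this;
    }

    public function render(): string { return $this->buf; }
}

// Constructed sample standing in for $_GET['returnto'].
$returnto = "browse.php' data-injected='1";
$field    = "<input type='hidden' name='returnto' value='%s' />";

// Weak: ENT_COMPAT (the default before PHP 8.1) leaves ' alone, so the
// value ends the single-quoted attribute and adds one of its own.
$weak = sprintf($field, htmlentities($returnto, ENT_COMPAT, 'UTF-8'));

// Hardened: the same field built through the escaping wrapper.
$safe = (new SafeOut())
    ->add("<input type='hidden' name='returnto' value='{returnto}' />", ['returnto' => $returnto])
    ->render();

echo $weak, "\n", $safe, "\n";
var_dump(strpos($weak, " data-injected='1'") !== false);
var_dump(strpos($safe, " data-injected='1'") !== false);
```

On PHP 8.1 and later the default flags already include ENT_QUOTES; passing them explicitly keeps the behaviour the same on older versions such as PHP 7.0.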

BamBam0077

#6
OK, how I got it working for login:

include/bittorrent.php

class htmlout {
    public $login;

    function __construct($login) {
        // store the value in the declared property that login.php echoes
        $this->login = $login;
    }
}


login.php

<?php
include("tmplogin.php");
$htmlout = new htmlout($tmplogin);
echo $htmlout->login;
?>



tmplogin.php

<?php
/*
+------------------------------------------------
|   TBDev.net BitTorrent Tracker PHP
|   =============================================
|   by CoLdFuSiOn
|   (c) 2003 - 2009 TBDev.Net
|   http://www.tbdev.net
|   =============================================
|   svn: http://sourceforge.net/projects/tbdevnet/
|   Licence Info: GPL
+------------------------------------------------
|   $Date$
|   $Revision$
|   $Author$
|   $URL$
+------------------------------------------------
*/
$tmplogin = true;
if ($tmplogin == true) {
    require_once "include/bittorrent.php";
    ini_set('session.use_trans_sid', '0');
    // merge the global and login language strings
    $lang = array_merge( load_language('global'), load_language('login') );
    $HTMLOUT = "";
    unset($returnto);
    if (!empty($_GET["returnto"])) {
        $returnto = $_GET["returnto"];
        if (!isset($_GET["nowarn"]))
        {
            $HTMLOUT .= "<h1>{$lang['login_not_logged_in']}</h1>\n";
            $HTMLOUT .= "{$lang['login_error']}";
        }
    }

    $HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>

    <form method='post' action='takelogin.php'>
    <p>Note: You need cookies enabled to log in.</p>
    <table border='0' cellpadding='5'>
      <tr>
        <td class='rowhead'>{$lang['login_username']}</td>
        <td align='left'><input type='text' size='40' name='username' /></td>
      </tr>
      <tr>
        <td class='rowhead'>{$lang['login_password']}</td>
        <td align='left'><input type='password' size='40' name='password' /></td>
      </tr>
      <tr>
        <td colspan='2' align='center'>
          <input type='submit' value='{$lang['login_login']}' class='btn' />
        </td>
      </tr>
    </table>";

    // ENT_QUOTES: the attribute is single-quoted, so ' must be encoded as well
    if (isset($returnto))
        $HTMLOUT .= "<input type='hidden' name='returnto' value='" . htmlentities($returnto, ENT_QUOTES, 'UTF-8') . "' />\n";

    $HTMLOUT .= "</form>
    {$lang['login_signup']}";

    print stdhead("{$lang['login_login_btn']}") . $HTMLOUT . stdfoot();
}
?>





I personally use echo, not $htmlout; that is why my login box is outside the outerbox ;)

my version:

<?php
/*
+------------------------------------------------
|   TBDev.net BitTorrent Tracker PHP
|   =============================================
|   by CoLdFuSiOn
|   (c) 2003 - 2009 TBDev.Net
|   http://www.tbdev.net
|   =============================================
|   svn: http://sourceforge.net/projects/tbdevnet/
|   Licence Info: GPL
+------------------------------------------------
|   $Date$
|   $Revision$
|   $Author$
|   $URL$
+------------------------------------------------
*/
$tmplogin = true;
if ($tmplogin == true) {
    require_once "include/bittorrent.php";
    ini_set('session.use_trans_sid', '0');
    // merge the global and login language strings
    $lang = array_merge( load_language('global'), load_language('login') );

    stdhead("{$lang['login_login_btn']}");
    unset($returnto);
    if (!empty($_GET["returnto"])) {
        $returnto = $_GET["returnto"];
        if (!isset($_GET["nowarn"]))
        {
            echo "<h1>{$lang['login_not_logged_in']}</h1>\n";
            echo "{$lang['login_error']}";
        }
    }

    echo "<script type='text/javascript' src='captcha/captcha.js'></script>

    <form method='post' action='takelogin.php'>
    <p>Note: You need cookies enabled to log in.</p>
    <table border='0' cellpadding='5'>
      <tr>
        <td class='rowhead'>{$lang['login_username']}</td>
        <td align='left'><input type='text' size='40' name='username' /></td>
      </tr>
      <tr>
        <td class='rowhead'>{$lang['login_password']}</td>
        <td align='left'><input type='password' size='40' name='password' /></td>
      </tr>
      <tr>
        <td colspan='2' align='center'>
          <input type='submit' value='{$lang['login_login']}' class='btn' />
        </td>
      </tr>
    </table>";

    // ENT_QUOTES: the attribute is single-quoted, so ' must be encoded as well
    if (isset($returnto))
        echo "<input type='hidden' name='returnto' value='" . htmlentities($returnto, ENT_QUOTES, 'UTF-8') . "' />\n";

    echo "</form>
    {$lang['login_signup']}";

    stdfoot();
}
?>


"When Darkness Shadows Your Doubts, Deep Within Us Is Our Key, Not Success But Everything" ~ Anonymous

BamBam0077

From what I understand, it is a modified version of $this->lang
I thought u232 would be more secure my way, no offense; it would be a lot of work to convert, so I would just suggest trying it on tbdev09

From what I can tell it makes it run the print of the example, so if I wanted admincp to print into the admin.php
script I would run a customized version like so: $htmlout->admincp; use echo for the template rather than $htmlout for output, so it would be a new version rather than looking at the jam-packed $HTMLOUT.=""; everywhere :D

son

Dumb question: if this source uses HTMLOUT... what work would be required to convert something that doesn't need it?

Just asking, if this source already uses htmlout to basically anything that shows on screen now
My Specs
   xubuntu Desktop 20.04 LTS 64Bit
   MariaDB Ver 15.1 Distrib 10.1.38
   Zend OPcache v7.0.33-1
   PHP 7.0.18-0
   Apache 2.4.29
   U-232
   PHP Tracker

"Simplicity is the ultimate sophistication"

BamBam0077

#3
You would need to make minor edits in the class htmlout {} to run the template, so for example

say:

<?php
include("inc/bittorrent.php");
dbconn();
$htmlout = new htmlout($template); // blocks/template.php would have an if statement (=
echo $htmlout->template;
?>

Tundracanine

I might be crazy but this doesn't look complete or even like a working example.
Like how does the array get filled? lol
Other than that it could be a cool idea, I think. A lot of work to convert existing code though.

BamBam0077


class htmlout {
  public $name;

     function __construct($name) {
         $this->name = $name;
     }     
}

$html = new htmlout($title);
echo $html->name;



?><title><?php echo $html->name;?></title><?php
echo "<link rel='stylesheet'



$htmlout->admincp;
$htmlout->maintemplate;
$htmlout->forum;
$htmlout->browse;
$htmlout->upload;
$htmlout->teams;
$htmlout->profile;
$htmlout->polls;

Above are examples for this idea to work with u232 v1 - v5. If interested, just take your time, and remember most of my designs are mostly DB driven.  ;)